How to Check Which Programs Are Phoning Home From Your PC

Anybody who uses the Internet has to be aware of the constant danger of being infected with malware that surreptitiously connects to the Internet. Various kinds of spyware and Trojan horses can phone home and reveal your personal information. Or an infection may turn your computer into a zombie that is part of a botnet without your knowledge.

One way of guarding against unwanted Internet activity is with a two-way firewall that monitors both incoming and outgoing traffic. However, many average PC users have a firewall that only checks incoming traffic. There are also a variety of programs for analyzing network activity but most of these require a knowledge of networking that average PC users do not have. Fortunately, there are some simple ways that anybody can use and this tip will discuss one of these. It doesn’t require anything to be downloaded and installed and the information it provides is easy to interpret. It doesn’t replace more advanced methods but it makes useful information available to users of all levels of expertise.

Using the command “netstat” to check Internet activity

All current versions of Windows come with a number of network tools that run from the command line. (How to use the command line is discussed at this link) One of these tools is the command “netstat”, which has a number of features for analyzing network traffic. More experienced users can read about using “netstat” for detailed network analysis at this reference. This tip shows a quick and easy way to use "netstat" to see what programs are connecting to the Internet:

Open the command prompt. For this tip, Windows Vista/7 will require administrator privileges (see this link)

Enter “netstat -b” (without quotes)

A list of the executable files that are making connections to the Internet will be displayed. You can also add a switch "n" to tell you which IP addresses are being contacted. Then step 2 becomes:

Enter "netstat -bn" (without quotes)

Graphical interface for netstat

If you prefer a limited graphical interface for netstat, there is a free program called TCPEye. It can be downloaded at Softpedia. It has to be installed and has some rough spots but it has the advantage of displaying in real time.

Create a log of Internet activity with a netstat batch file

Internet activity is not static and you may want to log it over a period of time. Batch files using netstat to create a log are given at this reference.

Get your own favorite tip published! Know a neat tech tip or trick? Then why not have it published here and receive full credit? Click here to tell us your tip.